package cn.rui.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.ForwardAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

/**
 * @author 徽州大都督
 * @date 2020/8/29
 */
@Component
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)  //会拦截注解了@PreAuthrize注解的配置
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    /*@Override
    public void configure(WebSecurity web) throws Exception {
        //配置不走SpringSecurity验证的url
        web.ignoring ().antMatchers ("/user/sessionTimeOut");
    }*/

    /*@Autowired
    private AccessDeniedHandler accessDeniedHandler;*/

    /**
     * 配置用户认证信息和权限
     *
     * @param
     * @throws Exception
     */
    /*@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {


        auth.inMemoryAuthentication ()
                .withUser ("admin")
                .password (passwordEncoder().encode ("123"))
                //.authorities ("add"); //拥有的权限
                .roles ("add");
    }*/

    @Bean
    public BCryptPasswordEncoder passwordEncoder() { //密码加密
        return new BCryptPasswordEncoder();
    }


    /**
     * 配置拦截请求的资源
     *
     * @param http
     * @throws Exception
     */
    /*@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests ().antMatchers ("/**")
                .fullyAuthenticated ()
                .and ().formLogin (); //拦截所有请求
    }*/


    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests ()
                /*.antMatchers ("/user/add").hasAnyAuthority ("add")
                .antMatchers ("/user/delete").hasAnyAuthority ("delete")
                .antMatchers ("/user/update").hasAnyAuthority ("update")
                .antMatchers ("/user/find").hasAnyAuthority ("find")*/
                .antMatchers ("/login.html").permitAll ()//放行
                .antMatchers ("/css/**").permitAll ()//放行
                .antMatchers ("/js/**").permitAll ()//放行
                .antMatchers ("/img/**").permitAll ()//放行
                .antMatchers ("/plugins/**").permitAll ()//放行
                .antMatchers ("/elementuidemo/**").permitAll ()//放行
                .antMatchers ("/**").fullyAuthenticated ()
                .and ().formLogin ().loginPage ("/login.html")  //定制自己的登陆页面
                //指定自定义form表单请求的路径
                .loginProcessingUrl ("/authentication/form")
                .passwordParameter ("password")
                .usernameParameter ("username")
                .successForwardUrl ("/user/login")
                //.failureUrl ("/main.html")
                .and ().logout ().logoutUrl ("/logout").logoutSuccessUrl ("/login.html")  //注销路径
                .and ().sessionManagement ().invalidSessionUrl ("/login.html")  //设置登陆超时之后访问的路径
                //.and ().exceptionHandling ().accessDeniedHandler (accessDeniedHandler)  //登陆失败返回信息
                .and ().csrf ().disable () //跨站点攻击，默认关闭，禁止跨站点攻击
                .headers ().frameOptions ().disable ();  //security设置页面可以通过iframe访问受保护的页面
    }


}
